Author Archives: Graham

About Graham

I make it faster and easier for you to create high-quality code.

Using Aspect-Oriented Programming for Security Engineering

Posted on 2010-06-24 by Graham

This paper by Kotrappa Sirbi and Prakash Jayanth Kulkarni (link goes to HTML abstract, full text PDF is free) discusses implementation of an application’s security requirements in Java using Aspect-Oriented Programming (AOP). We have AOP for Objective-C (of sorts), but … Continue reading →

Posted in code-level, software-engineering, tool-support | Leave a comment

A solution in need of a problem

Posted on 2010-06-16 by Graham

I don’t usually do product reviews, in fact I have been asked a few times to accept a free product in return for a review and have turned them all down. This is just such an outré product that I … Continue reading →

Posted in Data Leakage | Leave a comment

Template class for unit testing Core Data entities

Posted on 2010-06-13 by Graham

Some time ago, in a blog far, far, away, I wrote about unit-testing Core Data. Essentially, your test case class should create a temporary, in-memory Core Data stack in -setUp, and clean it up in -tearDown. Your test methods can … Continue reading →

Posted in CoreData, software-engineering, tool-support | Leave a comment

Configuring CruiseControl.rb in under an hour

Posted on 2010-06-12 by Graham

One of the changes I decided to make straight after NSConf MINI yesterday was to enable continuous integration for my projects. I had used CI before based on BuildBot, but that had left me less than impressed: It was really … Continue reading →

Posted in software-engineering, tool-support | 3 Comments

On the extension of code signing

Posted on 2010-06-09 by Graham

One of the public releases Apple has made this WWDC week is that of Safari 5, the latest version of their web browser. Safari 5 is the first version of the software to provide a public extensions API, and there … Continue reading →

Posted in Authorization, Browser, Codesign, Crypto, Mac, Windows | Comments Off

On NSNull as an anti-pattern

Posted on 2010-05-25 by Graham

All this talk about type-safe collections may leave you thinking: but what about NSNull? Let’s say you have an array that only accepts objects conforming to MyProtocol. You can’t add +[NSNull null] to it, because it doesn’t implement the protocol. … Continue reading →

Posted in code-level, iPad, iPhone, Mac | 7 Comments

On type safety and making it harder to write buggy code

Posted on 2010-05-24 by Graham

Objective-C’s duck typing system is both a blessing and a curse. A blessing, in that it’s amazingly flexible. A curse, in that such flexibility can lead to some awkward problems. Something that typically happens in dealing with data from a … Continue reading →

Posted in code-level, iPad, iPhone, Mac | 5 Comments

Careful how you define your properties

Posted on 2010-05-19 by Graham

Spot the vulnerability in this Objective-C class interface: @interface SomeParser : NSObject { @private NSString *content; } @property (nonatomic, retain) NSString *content; – (void)beginParsing; //… @end Any idea? Let’s have a look at a use of this class in action: … Continue reading →

Posted in iPad, iPhone, Mac, Vulnerability | 2 Comments

Why OS X (almost) doesn’t need root any more

Posted on 2010-05-12 by Graham

Note: this post was originally written for the Mac Developer Network. In the beginning, there was the super-user. And the super-user was root. When it comes to doling out responsibility for privileged work in an operating system, there are two … Continue reading →

Posted in Authorization, Mac, PCAS | Comments Off

On improved tool support for Cocoa developers

Posted on 2010-05-12 by Graham

I started writing some tweets, that were clearly taking up too much room. They started like this: My own thoughts: tool support is very important to good software engineering. 3.3.1 is not a big inhibitor to novel tools. /cc @rentzsch … Continue reading →

Posted in PCAS, threatmodel, tool-support | 1 Comment